Implement OVA NIFS (#163)

* feat: Basic Ova NIFS impl working The implementation follows the spec outlined by Bunz in: https://hackmd.io/V4838nnlRKal9ZiTHiGYzw?view. With this, the NIFS works and passes all tests. * chore: Resolve all TODOs and warnings * add: Docs for the NIMFS of the scheme and related structs * chore: update imports * add: Docs for all Ova NIFS functions * fix: Unify nomenclature for all variables and elements within NIFS tests * fix: Uniformize instance order in fn calls * chore: pass clippy * chore: clear all clippy findings in tests * chore: Remove `mimc` from spelling checks * chore: Address PR reviews
2026-01-28 14:56:40 +01:00 · 2024-10-03 10:36:09 +02:00
parent f1d82418ba
commit 88bbd9cff7
9 changed files with 672 additions and 6 deletions
--- a/folding-schemes/src/folding/nova/decider_eth.rs
+++ b/folding-schemes/src/folding/nova/decider_eth.rs
@@ -402,7 +402,7 @@ pub mod tests {
        let start = Instant::now();
        let verified = D::verify(
            decider_vp.clone(),
-            nova.i.clone(),
+            nova.i,
            nova.z_0.clone(),
            nova.z_i.clone(),
            &nova.U_i,
@@ -516,7 +516,7 @@ pub mod tests {
        let start = Instant::now();
        let verified = D::verify(
            decider_vp.clone(),
-            nova.i.clone(),
+            nova.i,
            nova.z_0.clone(),
            nova.z_i.clone(),
            &nova.U_i,
--- a/folding-schemes/src/folding/nova/nifs.rs
+++ b/folding-schemes/src/folding/nova/nifs.rs
@@ -367,7 +367,7 @@ pub mod tests {

        // next equalities should hold since we started from two cmE of zero-vector E's
        assert_eq!(ci3.cmE, cmT.mul(r));
-        assert_eq!(w3.E, vec_scalar_mul(&T, &r));
+        assert_eq!(w3.E, vec_scalar_mul(T.as_slice(), &r));

        // NIFS.Verify_Folded_Instance:
        NIFS::<Projective, Pedersen<Projective>>::verify_folded_instance(r, &ci1, &ci2, &ci3, &cmT)
--- a/folding-schemes/src/folding/nova/traits.rs
+++ b/folding-schemes/src/folding/nova/traits.rs
@@ -6,6 +6,9 @@ use crate::arith::ArithSampler;
 use crate::arith::{r1cs::R1CS, Arith};
 use crate::commitment::CommitmentScheme;
 use crate::folding::circuits::CF1;
+use crate::folding::ova::{
+    CommittedInstance as OvaCommittedInstance, TestingWitness as OvaWitness,
+};
 use crate::Error;

 /// Implements `Arith` for R1CS, where the witness is of type [`Witness`], and
@@ -95,3 +98,24 @@ impl<C: CurveGroup> ArithSampler<C, Witness<C>, CommittedInstance<C>> for R1CS<C
        Ok((witness, cm_witness))
    }
 }
+
+// Sadly, this forces duplication of code. We can try to abstract with more traits if needed..
+impl<C: CurveGroup> Arith<OvaWitness<C>, OvaCommittedInstance<C>> for R1CS<CF1<C>> {
+    type Evaluation = Vec<CF1<C>>;
+
+    fn eval_relation(
+        &self,
+        w: &OvaWitness<C>,
+        u: &OvaCommittedInstance<C>,
+    ) -> Result<Self::Evaluation, Error> {
+        self.eval_at_z(&[&[u.mu], u.x.as_slice(), &w.w].concat())
+    }
+
+    fn check_evaluation(
+        w: &OvaWitness<C>,
+        _u: &OvaCommittedInstance<C>,
+        e: Self::Evaluation,
+    ) -> Result<(), Error> {
+        (w.e == e).then_some(()).ok_or(Error::NotSatisfied)
+    }
+}